@aquacloud_ai/aqc-charts (>=0.1.1 <=0.1.3), @arkxos/arkos-system (>=0.1.1 <=0.1.10) +50 more potentially affected by CVE-2026-45249 via echarts (=6.0.0)

echarts NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on echarts and may be impacted: - @aquacloudai/aqc-charts =0.1.1, =0.1.1, =5.1.121, =0.1.1, =1023.48.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =1023.0.0, =0.22.0,...

Apache ECharts 安全漏洞

Apache ECharts is a data visualization charting library from the Apache USA Foundation. A security vulnerability exists in Apache ECharts versions prior to 6.1.0, which stems from a failure to escape HTML strings in the rendering logic of the Lines family of tooltips, potentially leading to a...

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...